Updates to Appthority Trust Scoring System

One of the key features of Appthority’s app analysis has always been the trust score calculated for each app to reflect the overall app risk level based on on its behavior. Customers have come to rely on this score as a quick way to assess overall risk and ease policy creation using trust score as an input metric. So any change to how Appthority modifies our app scoring algorithms is something we want to communicate proactively to our valued customers.

Over the next week, Appthority will be rolling out changes to our overall risk scoring system in an effort to both improve accuracy and support risk analysis enhancements we have planned for the near future. The result of this new approach will likely be reflected in some changes to individual app scores versus the previous scoring methodology. However, since we are changing the overall risk scoring system, all apps will be adjusted in unison to the new methodology, and thus comparing apps based on scores will will remain accurate.

So what have we changed exactly?

The impact of redundant app behaviors have been simplified. For example, when an app makes repeated requests for on-device user data, we are now factoring the impact of this behavior just once rather than adjusting the score each time the request is made.

New architectural improvements to our scoring system will make it easier for Appthority to speed enhancements and improvements in the breadth and depth of our risk analysis engines.

We want to better align our scoring system to bring it into compliance with improvements to our risk analysis engine which are coming at the end of Q2-2015. These new engine improvements will expand the number of risk and threat detection rules, and also deepen the risk analysis for existing rules.

Customer should expect to see changes to trust scores over the next week. Overall, these scoring changes establish a more accurate foundation for calculating app risk and allow Appthority to better reflect future dynamic scoring updates based on enhancements to our risk analysis engine.